diff mbox series

[Bug,1727259,NEW] qemu-io-test 58 segfaults when configured with gcov

Message ID 150892430716.18436.10907121916690603983.malonedeb@chaenomeles.canonical.com
State New
Headers show
Series [Bug,1727259,NEW] qemu-io-test 58 segfaults when configured with gcov | expand

Commit Message

Nageswara R Sastry Oct. 25, 2017, 9:38 a.m. UTC 
Public bug reported:

Head is at 3d7196d43bfe12efe98568cb60057e273652b99b

Steps to re-produce:
1. git clone
./configure --enable-gcov --target-list=ppc64-softmmu
make
cd tests/qemu-iotests

2. export qemu binary, in my environment
export QEMU_PROG=/home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64

3. Run test 58 with format qcow2
./check -qcow2 58

QEMU          -- "/home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64" -nodefaults -machine accel=qtest
QEMU_IMG      -- "/home/nasastry/qemu_gcov/qemu-img"
QEMU_IO       -- "/home/nasastry/qemu_gcov/qemu-io"  --cache writeback -f qcow2
QEMU_NBD      -- "/home/nasastry/qemu_gcov/qemu-nbd"
IMGFMT        -- qcow2 (compat=1.1)
IMGPROTO      -- file
PLATFORM      -- Linux/ppc64le zzfp365-lp1 4.13.0-4.rel.git49564cb.el7.centos.ppc64le
TEST_DIR      -- /home/nasastry/qemu_gcov/tests/qemu-iotests/scratch
SOCKET_SCM_HELPER -- /home/nasastry/qemu_gcov/tests/qemu-iotests/socket_scm_helper

058 1s ... - output mismatch (see 058.out.bad)
Failures: 058
Failed 1 of 1 tests

with out gcov configured this test case is pass.
# ./check -qcow2 58
QEMU          -- "/home/nasastry/qemu/ppc64-softmmu/qemu-system-ppc64" -nodefaults -machine accel=qtest
QEMU_IMG      -- "/home/nasastry/qemu/qemu-img"
QEMU_IO       -- "/home/nasastry/qemu/qemu-io"  --cache writeback -f qcow2
QEMU_NBD      -- "/home/nasastry/qemu/qemu-nbd"
IMGFMT        -- qcow2 (compat=1.1)
IMGPROTO      -- file
PLATFORM      -- Linux/ppc64le zzfp365-lp1 4.13.0-4.rel.git49564cb.el7.centos.ppc64le
TEST_DIR      -- /home/nasastry/qemu/tests/qemu-iotests/scratch
SOCKET_SCM_HELPER -- /home/nasastry/qemu/tests/qemu-iotests/socket_scm_helper

058 0s ...
Passed all 1 tests

** Affects: qemu
     Importance: Undecided
         Status: New

Comments

Nageswara R Sastry Oct. 25, 2017, 9:39 a.m. UTC | #1 
from demsg:
[84831.506917] qemu-io[35971]: unhandled signal 11 at 0000000000000004 nip 00007fffae20f7d4 lr 00000000102d3ec8 code 30001
[84831.519551] qemu-io[35977]: unhandled signal 11 at 0000000000000004 nip 00007fff9925f7d4 lr 00000000102d3ec8 code 30001
[84831.634000] qemu-io[35990]: unhandled signal 11 at 0000000000000004 nip 00007fff86b4f7d4 lr 00000000102d3ec8 code 30001
[84831.646318] qemu-io[35997]: unhandled signal 11 at 0000000000000004 nip 00007fffa165f7d4 lr 00000000102d3ec8 code 30001

from gdb:
(gdb) bt
#0  0x00007fff8c75f7d4 in __strcmp_power9 () from /lib64/libc.so.6
#1  0x00000000102d3ec8 in find_desc_by_name (desc=0x1036d6f0, name=0x28e46670 "server.path") at util/qemu-option.c:166
#2  0x00000000102d93e0 in qemu_opts_absorb_qdict (opts=0x28e47a80, qdict=0x28e469a0, errp=0x7fffec247c98) at util/qemu-option.c:1026
#3  0x000000001012a2e4 in nbd_open (bs=0x28e42290, options=0x28e469a0, flags=24578, errp=0x7fffec247d80) at block/nbd.c:406
#4  0x00000000100144e8 in bdrv_open_driver (bs=0x28e42290, drv=0x1036e070 <bdrv_nbd_unix>, node_name=0x0, options=0x28e469a0, open_flags=24578, errp=0x7fffec247f50) at block.c:1135
#5  0x0000000010015b04 in bdrv_open_common (bs=0x28e42290, file=0x0, options=0x28e469a0, errp=0x7fffec247f50) at block.c:1395
#6  0x000000001001bee8 in bdrv_open_inherit (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", reference=0x0, options=0x28e469a0, flags=57346, parent=0x28e3bf90,
    child_role=0x102fa980 <child_file>, errp=0x7fffec248150) at block.c:2615
#7  0x000000001001a620 in bdrv_open_child_bs (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", options=0x28e40250, bdref_key=0x102fb618 "file", parent=0x28e3bf90,
    child_role=0x102fa980 <child_file>, allow_none=true, errp=0x7fffec248150) at block.c:2314
#8  0x000000001001b9c0 in bdrv_open_inherit (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", reference=0x0, options=0x28e40250, flags=24578, parent=0x0,
    child_role=0x0, errp=0x7fffec248310) at block.c:2566
#9  0x000000001001c70c in bdrv_open (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", reference=0x0, options=0x28e3af70, flags=16386, errp=0x7fffec248310)
    at block.c:2697
#10 0x00000000100e7664 in blk_new_open (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", reference=0x0, options=0x28e3af70, flags=16386, errp=0x7fffec248310)
    at block/block-backend.c:321
#11 0x000000001000b57c in openfile (name=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", flags=16386, writethrough=false, force_share=false, opts=0x28e3af70) at qemu-io.c:81
#12 0x000000001000e388 in main (argc=11, argv=0x7fffec248a38) at qemu-io.c:624
(gdb) bt full
#0  0x00007fff8c75f7d4 in __strcmp_power9 () from /lib64/libc.so.6
No symbol table info available.
#1  0x00000000102d3ec8 in find_desc_by_name (desc=0x1036d6f0, name=0x28e46670 "server.path") at util/qemu-option.c:166
        i = 7
#2  0x00000000102d93e0 in qemu_opts_absorb_qdict (opts=0x28e47a80, qdict=0x28e469a0, errp=0x7fffec247c98) at util/qemu-option.c:1026
        local_err = 0x0
        state = {opts = 0x28e47a80, errp = 0x7fffec247bd0}
        entry = 0x28e46640
        next = 0x28e479e0
#3  0x000000001012a2e4 in nbd_open (bs=0x28e42290, options=0x28e469a0, flags=24578, errp=0x7fffec247d80) at block/nbd.c:406
        s = 0x28e48740
        opts = 0x28e47a80
        local_err = 0x0
        sioc = 0x0
        tlscreds = 0x0
        hostname = 0x0
        ret = -22
        __func__ = "nbd_open"
#4  0x00000000100144e8 in bdrv_open_driver (bs=0x28e42290, drv=0x1036e070 <bdrv_nbd_unix>, node_name=0x0, options=0x28e469a0, open_flags=24578, errp=0x7fffec247f50) at block.c:1135
        local_err = 0x0
        ret = 0
        __PRETTY_FUNCTION__ = "bdrv_open_driver"
        __func__ = "bdrv_open_driver"
#5  0x0000000010015b04 in bdrv_open_common (bs=0x28e42290, file=0x0, options=0x28e469a0, errp=0x7fffec247f50) at block.c:1395
        ret = 0
        open_flags = 24578
        filename = 0x0
        driver_name = 0x28e47c00 "nbd"
        node_name = 0x0
        discard = 0x28e47ce0 "unmap"
        detect_zeroes = 0x0
        opts = 0x28e47ad0
        drv = 0x1036e070 <bdrv_nbd_unix>
        local_err = 0x0
        __PRETTY_FUNCTION__ = "bdrv_open_common"
        __func__ = "bdrv_open_common"
#6  0x000000001001bee8 in bdrv_open_inherit (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", reference=0x0, options=0x28e469a0, flags=57346, parent=0x28e3bf90,
    child_role=0x102fa980 <child_file>, errp=0x7fffec248150) at block.c:2615
        ret = 0
        file = 0x0
        bs = 0x28e42290
        drv = 0x1036e070 <bdrv_nbd_unix>
        drvname = 0x28e46750 "nbd"
        backing = 0x0
        local_err = 0x0
        snapshot_options = 0x0
        snapshot_flags = 0
        __PRETTY_FUNCTION__ = "bdrv_open_inherit"
        __func__ = "bdrv_open_inherit"
#7  0x000000001001a620 in bdrv_open_child_bs (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", options=0x28e40250, bdref_key=0x102fb618 "file", parent=0x28e3bf90,
    child_role=0x102fa980 <child_file>, allow_none=true, errp=0x7fffec248150) at block.c:2314
        bs = 0x0
        image_options = 0x28e41270
        bdref_key_dot = 0x28e29a60 ""
        reference = 0x0
        __PRETTY_FUNCTION__ = "bdrv_open_child_bs"
        __func__ = "bdrv_open_child_bs"
#8  0x000000001001b9c0 in bdrv_open_inherit (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", reference=0x0, options=0x28e40250, flags=24578, parent=0x0,
    child_role=0x0, errp=0x7fffec248310) at block.c:2566
        file_bs = 0x7fffec2481c0
        ret = 0
        file = 0x0
        bs = 0x28e3bf90
        drv = 0x10354b40 <bdrv_raw>
        drvname = 0x28e29440 "raw"
        backing = 0x0
        local_err = 0x0
        snapshot_options = 0x0
---Type <return> to continue, or q <return> to quit---
        snapshot_flags = 0
        __PRETTY_FUNCTION__ = "bdrv_open_inherit"
        __func__ = "bdrv_open_inherit"
#9  0x000000001001c70c in bdrv_open (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", reference=0x0, options=0x28e3af70, flags=16386, errp=0x7fffec248310)
    at block.c:2697
No locals.
#10 0x00000000100e7664 in blk_new_open (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", reference=0x0, options=0x28e3af70, flags=16386, errp=0x7fffec248310)
    at block/block-backend.c:321
        blk = 0x28e294b0
        bs = 0x7fffec248280
        perm = 3
#11 0x000000001000b57c in openfile (name=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", flags=16386, writethrough=false, force_share=false, opts=0x28e3af70) at qemu-io.c:81
        local_err = 0x0
#12 0x000000001000e388 in main (argc=11, argv=0x7fffec248a38) at qemu-io.c:624
        readonly = 0
        sopt = 0x102fa128 "hVc:d:f:rsnCmkt:T:U"
        lopt = {{name = 0x102fa1f8 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x102fa200 "version", has_arg = 0, flag = 0x0, val = 86}, {name = 0x102fa208 "cmd", has_arg = 1, flag = 0x0, val = 99}, {
            name = 0x102fa210 "format", has_arg = 1, flag = 0x0, val = 102}, {name = 0x102fa218 "read-only", has_arg = 0, flag = 0x0, val = 114}, {name = 0x102fa228 "snapshot", has_arg = 0, flag = 0x0, val = 115}, {
            name = 0x102fa238 "nocache", has_arg = 0, flag = 0x0, val = 110}, {name = 0x102fa240 "copy-on-read", has_arg = 0, flag = 0x0, val = 67}, {name = 0x102fa250 "misalign", has_arg = 0, flag = 0x0, val = 109}, {
            name = 0x102fa260 "native-aio", has_arg = 0, flag = 0x0, val = 107}, {name = 0x102fa270 "discard", has_arg = 1, flag = 0x0, val = 100}, {name = 0x102fa278 "cache", has_arg = 1, flag = 0x0, val = 116}, {
            name = 0x102fa280 "trace", has_arg = 1, flag = 0x0, val = 84}, {name = 0x102fa108 "object", has_arg = 1, flag = 0x0, val = 256}, {name = 0x102fa288 "image-opts", has_arg = 0, flag = 0x0, val = 257}, {
            name = 0x102f9768 "force-share", has_arg = 0, flag = 0x0, val = 85}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
        c = -1
        opt_index = 11
        flags = 16386
        writethrough = false
        local_error = 0x0
        opts = 0x28e3af70
        format = 0x7fffec24f28f "raw"
        trace_file = 0x0
        force_share = false
Thomas Huth Jan. 4, 2018, 8:14 p.m. UTC | #2 
I'll work on this.

** Changed in: qemu
     Assignee: (unassigned) => Murilo Opsfelder Araújo (mopsfelder)
Thomas Huth Jan. 5, 2018, 1:49 p.m. UTC | #3 
Patch sent:
http://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg00883.html

** Changed in: qemu
       Status: New => In Progress
Thomas Huth Jan. 9, 2018, 5:48 p.m. UTC | #4 
The fix was committed:

https://git.qemu.org/?p=qemu.git;a=commitdiff;h=c4365735a7d38f4355c6f77e6670d3972315f7c2

commit c4365735a7d38f4355c6f77e6670d3972315f7c2
Author: Murilo Opsfelder Araujo <muriloo@linux.vnet.ibm.com>
Date:   Fri Jan 5 11:32:41 2018 -0200

    block/nbd: fix segmentation fault when .desc is not null-terminated

** Changed in: qemu
       Status: In Progress => Fix Committed
Thomas Huth April 26, 2018, 5:12 a.m. UTC | #5 
** Changed in: qemu
       Status: Fix Committed => Fix Released
diff mbox series

Patch

--- /home/nasastry/qemu_gcov/tests/qemu-iotests/058.out	2017-10-09 14:09:04.262726912 +0530
+++ /home/nasastry/qemu_gcov/tests/qemu-iotests/058.out.bad	2017-10-25 15:00:52.037515025 +0530
@@ -19,16 +19,28 @@ 
 4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)

 == verifying the exported snapshot with patterns, method 1 ==
-read 4096/4096 bytes at offset 4096
-4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-read 4096/4096 bytes at offset 8192
-4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+./common.rc: line 66: 36255 Segmentation fault      (core dumped) ( if [ "${VALGRIND_QEMU}" == "y" ]; then
+    exec valgrind --log-file="${VALGRIND_LOGFILE}" --error-exitcode=99 "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+else
+    exec "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+fi )
+./common.rc: line 66: 36262 Segmentation fault      (core dumped) ( if [ "${VALGRIND_QEMU}" == "y" ]; then
+    exec valgrind --log-file="${VALGRIND_LOGFILE}" --error-exitcode=99 "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+else
+    exec "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+fi )

 == verifying the exported snapshot with patterns, method 2 ==
-read 4096/4096 bytes at offset 4096
-4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-read 4096/4096 bytes at offset 8192
-4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+./common.rc: line 66: 36274 Segmentation fault      (core dumped) ( if [ "${VALGRIND_QEMU}" == "y" ]; then
+    exec valgrind --log-file="${VALGRIND_LOGFILE}" --error-exitcode=99 "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+else
+    exec "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+fi )
+./common.rc: line 66: 36282 Segmentation fault      (core dumped) ( if [ "${VALGRIND_QEMU}" == "y" ]; then
+    exec valgrind --log-file="${VALGRIND_LOGFILE}" --error-exitcode=99 "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+else
+    exec "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+fi )

 == verifying the converted snapshot with patterns, method 1 ==
 read 4096/4096 bytes at offset 4096